返回 X509 request 与 private key (EVP).
"""
rsa = RSA.gen_key(bits, 65537, None)
pk = EVP.PKey()
pk.assign_rsa(rsa)
req = X509.Request()
req.set_pubkey(pk)
name = req.get_subject()
name.C = "US"
name.CN = cn
req.sign(pk,'sha256')
return req, pk
def make_certificate_valid_time(cert, days):
"""
从当前时间算起证书有效期几天。
Parameters:
cert = 证书obj
days = 证书过期的天数
Return:
none
"""
t = long(time.time()) # 获取当前时间
time_now = ASN1.ASN1_UTCTIME()
time_now.set_time(t)
time_exp = ASN1.ASN1_UTCTIME()
time_exp.set_time(t + days * 24 * 60 * 60)
cert.set_not_before(time_now)
cert.set_not_after(time_exp)
def make_certificate(bits):
"""
创建证书
Parameters:
bits = 证快的位数
Return:
证书, 私钥 key (EVP) 与 公钥 key (EVP).
"""
req, pk = make_request(bits, "localhost")
puk = req.get_pubkey()
cert = X509.X509()
cert.set_serial_number(1) # 证书的序例号
cert.set_version(1) # 证书的版本
cert.set_issuer(issuer_name()) # 发行人信息
cert.set_subject(issuer_name()) # 主题信息
cert.set_pubkey(puk)
make_certificate_valid_time(cert, 365) # 证书的过期时间
cert.sign(pk, 'sha256')
return cert, pk, puk
# 开始创建
cert, pk, puk= make_certificate(1024)
cert.save_pem('jb51.net-cret.pem')
pk.save_key('jb51.net-private.pem',cipher = None, callback = lambda: None)
puk.get_rsa().save_pub_key('jb51.net-public.pem')
2.用证书加密、私钥文件解密
def geekso_encrypt_with_certificate(message, cert_loc):
"""
cert证书加密,可以用私钥文件解密.
Parameters:
message = 要加密的串
cert_loc = cert证书路径
